<?php
	mysql_select_db($cmsdb);
	
	/***Mangos Login***/
	if(isset($_POST['login_button_mangos'])){
	
				$username			= $_POST['username'];
				$sha_pass_hash		= $_POST['sha_pass_hash'];
				
				$sha_pass_hash 	= sha1(strtoupper($username) . ":" . strtoupper($sha_pass_hash));
				
				/***Prevent MySQL Injection***/
				$username			= stripslashes($username);
				$sha_pass_hash		= stripslashes($sha_pass_hash);

				$username			= mysql_real_escape_string($username);
				$sha_pass_hash		= mysql_real_escape_string($sha_pass_hash);

	$query_login_mangos=mysql_query("SELECT * FROM account WHERE username='$username' and sha_pass_hash='$sha_pass_hash' LIMIT 1") or die (mysql_error());
	$count_mangos=mysql_num_rows($query_login_mangos);
	$fetch_mangos=mysql_fetch_array($query_login_mangos);
	
	if($count_mangos==1) {
	session_start();
	session_register('username');
	session_register('sha_pass_hash');
	print("<font color='green'>Login successufull.</font><META http-equiv='refresh' content='1; URL=index.php'>");
	}else{print("<font color='red'>Username or password is invalid.</font>");}
	mysql_close($conn);
	}else{header("location:index.php");}
?>